Automated jailbreak attack targeting multiple defense strategies

22d ago · Global · primary source: export.arxiv.org

A new automated framework called UNIATTACK can systematically bypass multiple safety defenses in large language models, achieving attack success rate improvements of up to 248.82% over existing methods while operating at a fraction of the cost, according to research posted to arXiv on June 15, 2026 [1]. The framework, detailed by its authors, extracts minimal but high-impact attack features from diverse existing attacks and optimizes them through a specialized attacker LLM before composing them into flexible templates via an automated refinement process [1]. Unlike prior approaches that depend on static templates or iterative model-specific tuning, UNIATTACK enables one-shot attacks that generalize across multiple models and safety categories [1]. The researchers report an average attack success rate improvement of 64.63% to 248.82% on models deployed with multi-layered defense mechanisms, while requiring only 0.03% to 4.96% of the computational cost of baseline methods [1]. The work targets a known vulnerability class called prompt injection, a cybersecurity exploit in which innocuous-looking inputs are designed to cause unintended behavior in machine learning models [2]. Such attacks take advantage of a model's inability to distinguish between developer-defined prompts and user inputs, allowing adversaries to bypass safeguards and influence model behavior [2]. With the expansion of LLM capabilities to include web browsing and file upload, models must now also differentiate user input from content not directly authored by the user, opening the door to indirect prompt injection where adversarial prompts are embedded within website content [2]. Large language models, which are neural networks trained on vast amounts of text for natural language processing tasks, underpin modern chatbots and are typically based on transformer architectures [3]. Benchmark evaluations for these models attempt to measure reasoning, factual accuracy, alignment, and safety, but adversarial testing frameworks like UNIATTACK expose persistent gaps in those safety measures [3]. The prevalence of generative AI tools has increased sharply since the AI boom of the 2020s, with applications spanning chatbots, text-to-image models, and text-to-video systems, while also being used for cybercrime and disinformation through fake news and deepfakes [5]. China, which has emerged as a world leader in AI alongside the United States, published its Data Security Law in 2021 and in 2023 issued guidelines requiring that AI-generated content uphold Core Socialist Values and safeguard user data [6]. In 2025, the Chinese government further mandated that companies use as little data deemed "unsafe" as possible and test models regularly [6]. The UNIATTACK framework arrives as governments and companies grapple with the tension between rapid AI deployment and the security vulnerabilities that adversarial research continues to uncover. The artifact associated with the paper has been made publicly available [1].

safety-researchresearch-papermodel-releaseproduct-launchtool-releasecommentary

Background sources we checked (10)
  • en.wikipedia.org ↗ Prompt injection is a cybersecurity exploit and an attack vector in which innocuous-looking inputs (i.e. prompts) are designed to cause unintended behavior in machine learning models, particularly large language models (LLMs). The attack takes advantage of the model's inability t…
  • en.wikipedia.org ↗ A large language model (LLM) is a neural network trained on a vast amount of text for natural language processing tasks, especially language generation. LLMs can typically generate, summarize, translate, and analyze text in many contexts, and are a foundational technology behind …
  • en.wikipedia.org ↗ Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphone…
  • en.wikipedia.org ↗ Generative artificial intelligence (GenAI) is a subfield of artificial intelligence (AI) that uses generative models to generate text, images, videos, audio, software code (vibe coding) or other forms of data. These models learn the underlying patterns and structures of their tra…
  • en.wikipedia.org ↗ The roots of the development of artificial intelligence in the People's Republic of China started in the late 1970s following Deng Xiaoping's reform and opening up emphasizing science and technology as the country's primary productive force. The initial stages of China's AI devel…
  • arxiv.org ↗ We review thirteen generative systems and five supporting datasets for quantum circuit and quantum code generation, identified through a structured scoping review of Hugging Face, arXiv, and provenance tracing (January-February 2026). We organize the field along two axes: artifac…
  • huggingface.co ↗ # Paper Pages Paper pages allow people to find artifacts related to a paper such as models, datasets and apps/demos (Spaces). Paper pages also enable the community to discuss about the paper. ## Linking a Paper to a model, dataset or Space If the repository card (`README.md`) …
  • huggingface.co ↗ # How to Add a Space to ArXiv ... Demos on Hugging Face Spaces allow a wide audience to try out state-of-the-art machine learning research without writing any code. Hugging Face and ArXiv have collaborated to embed these demos directly along side papers on ArXiv! ... Thanks to th…
  • huggingface.co ↗ Daily Papers - Hugging Face new Get trending papers in your email inbox once a day! Get trending papers in your email inbox! Subscribe # Daily Papers ## byAK and the research community - Daily - Weekly - Monthly Trending Papers https://huggingface.co/papers/date/2026-06-…
  • en.wikipedia.org ↗ Hangzhou DeepSeek Artificial Intelligence Basic Technology Research Co., Ltd., doing business as DeepSeek, is a Chinese artificial intelligence (AI) company that develops large language models (LLMs). Based in Hangzhou, Zhejiang, DeepSeek is owned and funded by High-Flyer, a Chin…

Sources

Spot something wrong? Report an issue